
View based access control for MPLM

ptc-4533309
2-Explorer


We need access control based on "View", e.g. the Manufacturing view should be accessible only to a role "Manufacturing engineer".

Does Windchill 10.1 support it? If not, is it included in the Windchill product roadmap in future?

We have different Manufacturing Plants; for these we need to create different Manufacturing views for the released eBOM.

In order to control access for Design and Manufacturing views we are creating different roles for Design Engineer and Manufacturing Engineer.

Can we have access controls based on the view of the BOM?

6 REPLIES

Hello

We had exactly this use case.

As WTPart Views are independent "versions" of the same WTPartMaster, you are able to store each view in a different folder (with a different administrative domain).

In the folder "Engineering", we give create/read/modify access to role Design Engineer and only read and new view to role Manufacturing Engineer.

In the folder "Manufacturing", we give create/read/modify access to role Manufacturing Engineer, and only read to role Design Engineer.

With this, a design engineer is not able to create a new view, and a manufacturing engineer is only able to create a new view in his manufacturing folder ...

Be careful, there's a known issue in Technical Support (fixed by patch) for WC10 F000 to M030 about new view in a different domain: the new domain and access rules are not correctly propagated. You need this fix in order for this solution to work.

If you don't want your users to set folders manually, you can automate this in Init rules, by a conditional test depending on views ...

regards

Gregory

Hi Gregory,

Very interesting! Could you make an example of those INIT-rules available?

TIA, Hugo.

Here's an example of setting a folder depending on an attribute.

I haven't tested it with the view <Attr id="view.id"/>, because in my case I'm testing another IBA attribute.

So I have <Attr id="My_IBA"/>, but it should work.

regards

<!-- set the folder -->
<AttrValue id="folder.id" algorithm="com.ptc.core.foundation.folder.server.impl.FolderPathAttributeAlgorithm">
    <Value algorithm="wt.rule.algorithm.BooleanBranch">
        <Value algorithm="wt.rule.algorithm.EqualsTest">
            <Attr id="view.id"/>
            <Arg>MANUFACTURING</Arg>
        </Value>
        <Value algorithm="wt.rule.algorithm.StringConstant">
            <Arg>/Default/Manufacturing</Arg>
        </Value>
        <Value algorithm="wt.rule.algorithm.StringConstant">
            <Arg>/Default/Design</Arg>
        </Value>
    </Value>
</AttrValue>
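
An offline check of where the rule above routes each view, added here as an example and not part of the original post or of Windchill. The evaluator's semantics (exact string comparison, three-way branch) are assumed from the algorithm names, and the view names in `EXPECTED`, including `Plant1`, are hypothetical.

```python
import xml.etree.ElementTree as ET

# The rule from the post above, embedded so the check runs offline.
RULE = """
<AttrValue id="folder.id" algorithm="com.ptc.core.foundation.folder.server.impl.FolderPathAttributeAlgorithm">
  <Value algorithm="wt.rule.algorithm.BooleanBranch">
    <Value algorithm="wt.rule.algorithm.EqualsTest">
      <Attr id="view.id"/><Arg>MANUFACTURING</Arg>
    </Value>
    <Value algorithm="wt.rule.algorithm.StringConstant"><Arg>/Default/Manufacturing</Arg></Value>
    <Value algorithm="wt.rule.algorithm.StringConstant"><Arg>/Default/Design</Arg></Value>
  </Value>
</AttrValue>
"""

def evaluate(node, attrs):
    """Evaluate one <Value> node. Semantics are assumed from the algorithm names."""
    algo = node.get("algorithm", "").rsplit(".", 1)[-1]
    if algo == "StringConstant":
        return node.findtext("Arg")
    if algo == "EqualsTest":
        # Assumption: exact, case-sensitive comparison of the two operands.
        left, right = [attrs.get(c.get("id")) if c.tag == "Attr" else c.text for c in node]
        return left == right
    if algo == "BooleanBranch":
        test, if_true, if_false = node.findall("Value")
        return evaluate(if_true if evaluate(test, attrs) else if_false, attrs)
    raise ValueError(f"unsupported algorithm: {algo}")

def folder_for(view, rule_xml=RULE):
    """Folder path the rule would assign to a part created in `view`."""
    root = ET.fromstring(rule_xml.strip())
    return evaluate(root.find("Value"), {"view.id": view})

def misrouted(expected, rule_xml=RULE):
    """Compare intended view -> folder routing with what the rule yields."""
    return {v: folder_for(v, rule_xml) for v, want in expected.items()
            if folder_for(v, rule_xml) != want}

# Constructed routing plan; "Plant1" is a hypothetical plant-specific view name.
EXPECTED = {
    "MANUFACTURING": "/Default/Manufacturing",
    "DESIGN": "/Default/Design",
    "Plant1": "/Default/Manufacturing",
}

if __name__ == "__main__":
    print(misrouted(EXPECTED))  # {'Plant1': '/Default/Design'}
```

Because the else branch is the Design folder, any view whose identifier does not match the single tested string inherits the Design domain's access rules under this model.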

Does PTC plan to have provision of explicit view-based access control in future Windchill releases?

Any comments ?

Old topic retrieval.

I'm using the same process with MPMLink: containers (products & libraries) defined product-centric and not per usage. Hierarchy of views: design -> manuf & Aftermarket. And also security domains based on foldering for segregating design data and manuf data in each container, using the same root foldering structure for all containers, i.e. design, manuf, aftermarket, sales etc. I also have sub folders in manuf, 1 per plant. Only members of the group linked with the domain are able to edit or create content for a specific folder. This is also mixed with several conditions based on the type of object, state etc., so in addition, for instance, we prevent manuf people from seeing the "inwork" content in the design view.

And I have discovered an issue in Windchill10M050: I face a problem creating downstreams in MPMLink when a latest "in work" version exists in the design view in addition to the previous released ones. It seems MPMLink evaluates user permission on the "source" part (the upstream) using a "retrieve latest version" utility and not the version the user has selected and wants to create a downstream from. So my manuf users are receiving a denied permission even if they try to create a downstream from content they have been granted access to, because MPMLink says they can't access the design view because the version is "inwork".

Has anyone heard about a workaround or know anything about the subject?

Hello all,

Old topic retrieval..

We are also thinking of a similar kind of implementation to the one you have described above, for Windchill 10.1 M050.

But I have a different concern:

- We do not want Plant MEs to see Parts in INWORK status when there is a change happening and the Part is revised by Design Engineers. However, our planned MBOM structure is like below:

Plant1_PenAssy (Manufacturing/RELEASED)
|__TopCap (Design/RELEASED)
|__Plant2_Body (Manufacturing/RELEASED)
        |__Body (Design/RELEASED)
        |__BottomCap (Design/RELEASED)
|__Refill (Design/RELEASED)

If a Body part which belongs to Plant2 is in a Change process, then Plant MEs from Plant2 should not be able to see that Part, which is in Design/INWORK state after being revised by Design Engineers, until it gets RELEASED. (This case can be achieved by some Policy Administration.)

But if there is a change which requires Plant MEs to revise the structure (Plant2_Body (Manufacturing/RELEASED) in the above example) and restructure the MBOM, then due to the above access control, after revising they will not be able to see the revised Part, which will be in INWORK status.

So my question is, is there any way to provide Access control based on View and LC State of the part?

Plant ME should have below access rules.

Manufacturing / RELEASED - Read, Modify etc.

Manufacturing / INWORK - Read, Modify etc.

Design / RELEASED - Read, Modify etc.

Design / INWORK - No Read Access.

Any help would be much appreciated!

--

Thanks

Harshal
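
A small model of the view-plus-state rules requested in the post above, together with the "check the latest version instead of the selected one" behaviour reported earlier in the thread; this is an added example, not Windchill or MPMLink code. All names (`PartVersion`, `can_create_downstream`, the revision letters) are hypothetical, and only the read and modify permissions are modelled.

```python
from dataclasses import dataclass

# Plant ME rules from the post above: (view, state) -> permissions.
PLANT_ME = {
    ("Manufacturing", "RELEASED"): {"read", "modify"},
    ("Manufacturing", "INWORK"): {"read", "modify"},
    ("Design", "RELEASED"): {"read", "modify"},
    ("Design", "INWORK"): set(),          # no read access
}

@dataclass(frozen=True)
class PartVersion:
    name: str
    revision: str   # single letters here, so string order is revision order
    view: str
    state: str

def allowed(matrix, part, permission):
    """Default deny: a (view, state) pair missing from the matrix grants nothing."""
    return permission in matrix.get((part.view, part.state), set())

def latest(history):
    return max(history, key=lambda v: v.revision)

def latest_readable(matrix, history):
    """Newest version the role may read, or None if none is readable."""
    readable = [v for v in history if allowed(matrix, v, "read")]
    return latest(readable) if readable else None

def can_create_downstream(matrix, selected, history, check_latest):
    """Read check on the upstream part.
    check_latest=True models the reported behaviour (check the newest version);
    check_latest=False checks the version the user actually selected."""
    subject = latest(history) if check_latest else selected
    return allowed(matrix, subject, "read")

# Constructed sample: Body is released at A, then revised to B by design.
BODY_A = PartVersion("Body", "A", "Design", "RELEASED")
BODY_B = PartVersion("Body", "B", "Design", "INWORK")
BODY = [BODY_A, BODY_B]
# Plant2_Body revised by the plant ME in the Manufacturing view.
P2_B = PartVersion("Plant2_Body", "B", "Manufacturing", "INWORK")

if __name__ == "__main__":
    print(latest_readable(PLANT_ME, BODY))
    print(can_create_downstream(PLANT_ME, BODY_A, BODY, True))   # False
    print(can_create_downstream(PLANT_ME, BODY_A, BODY, False))  # True
```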
